Skip to content

npm audit false positive flag #11995

Answered by WikiRik
chris-at-lemon asked this question in Help
Discussion options

You must be logged in to vote

next-auth version 5.0.0-beta.22 ships with 0.35.3 of @auth/core which is was the newest version at that time. It is now updated to 0.36.0 and next-auth just takes the version from the workspace; https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/package.json
Only thing that needs to be done imo is release a new beta of next-auth and the release pipeline will automatically update the version of @auth/core used.
@balazsorban44 can you run the pipeline for a new beta release of next-auth?

If people want to get rid of the npm audit message right now, with a bit of manual patching, you can use the overrides functionality in NPM; https://docs.npmjs.com/cli/v10/configuring-npm/…

Replies: 4 comments 5 replies

Comment options

You must be logged in to vote
0 replies
Comment options

You must be logged in to vote
0 replies
Comment options

You must be logged in to vote
3 replies
@chris-at-lemon
Comment options

@balazsorban44
Comment options

@AOphagen
Comment options

Answer selected by balazsorban44
Comment options

You must be logged in to vote
2 replies
@chris-at-lemon
Comment options

@balazsorban44
Comment options

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Help
Labels
None yet
4 participants